---
- name: Install external dependencies
  dnf: name={{ item }} state=present
  with_items:
    - redis
    - python3-fedmsg
    - postfix


- include_tasks: dev_deps.yml
  when: hubs_dev_mode

- include_tasks: prod_deps.yml
  when: not hubs_dev_mode


- name: Add a basic Hubs configuration file
  template:
    src: "{{ item }}"
    dest: "{{ hubs_conf_dir }}/hubs.py"
    owner: root
    group: "{{ main_user }}"
    mode: 0640
  with_first_found:
    - hubs_config.{{ ansible_hostname }}
    - hubs_config
  notify: "hubs configuration change"


- name: Add a basic fedmsg configuration file
  template:
    src: "{{ item }}"
    dest: "/etc/fedmsg.d/fedora-hubs.py"
  with_first_found:
    - fedmsg_config.{{ ansible_hostname }}
    - fedmsg_config
  notify: "hubs configuration change"


- name: Configure application to authenticate with the OIDC provider (dev)
  block:
  - dnf: name=python3-flask-oidc state=present
  - command:
      oidc-register
      --output-file {{ hubs_conf_dir }}/client_secrets.json
      https://{{ hubs_oidc_url }}/ {{ hubs_url }}
    args:
      creates: "{{ hubs_conf_dir }}/client_secrets.json"
    notify: "hubs configuration change"
  when: hubs_oidc_url == "iddev.fedorainfracloud.org"


- name: Configure application to authenticate with the OIDC provider
  template:
    src: oidc_client_secrets.json
    dest: "{{ hubs_conf_dir }}/client_secrets.json"
    owner: root
    group: "{{ main_user }}"
    mode: 0640
  notify: "hubs configuration change"
  when: hubs_oidc_url != "iddev.fedorainfracloud.org"


- name: Fix the permissions on the OIDC secrets file
  file:
    path: "{{ hubs_conf_dir }}/client_secrets.json"
    owner: root
    group: "{{ main_user }}"
    mode: 0640


- name: Start and enable the common services
  service: name={{ item }} state=started enabled=yes
  with_items:
    - redis
    - postfix

# Set up, create, and populate the database.
- include_tasks: db-{{ hubs_db_type }}.yml


# Services
- name: Disable the system-wide fedmsg daemons
  service: name={{ item }} state=stopped enabled=no
  with_items:
    # We use honcho in dev mode and fedmsg-hub-3 in prod mode
    - fedmsg-hub
    # We use honcho in dev mode and fedmsg-relay-3 in prod mode
    - fedmsg-relay


# Include mode-specific tasks

- include_tasks: dev.yml
  when: hubs_dev_mode

- include_tasks: prod.yml
  when: not hubs_dev_mode
